Dropped Files | ZeroBOX
Name 201e8aabdb7097dd_oneetx.exe
Filepath C:\Users\test22\AppData\Local\Temp\550693dc87\oneetx.exe
Size 236.8KB
Processes 2988 (ge009734.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 78a7981f611dc0a6a748d56dcb479e4f
SHA1 24b1013fca7ee1133319bc6c86903f365599d44b
SHA256 201e8aabdb7097dd90ae166b449adcd99eff2c9c0ab2d51d3e36de5cb06026da
CRC32 812B3188
ssdeep 3072:gMSlS07k+nF5fH1jFyhRGc6zMBdSkbcaKhSdctuVi1VWQ23mQb1EcaWVJ5L:gJl7Y+F5fHLyhRFMMBd/ySMuVidfc39
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name 340c8464c2007ce3_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 2112 (oneetx.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
Name 5e2450a01e8c4055_foto0189.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000013051\foto0189.exe
Size 666.0KB
Processes 2112 (oneetx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c2e1f6396e9484c77fcea76f49301f8c
SHA1 6f67ebd28d425ff49db64bae0c24a075a3ac5b7d
SHA256 5e2450a01e8c4055c28f114b652b429373c75de795596431afe3d17068420bc4
CRC32 97D204FC
ssdeep 12288:aMrIy90iwJRiriBe6WxhJKHZ4IE1dTCnmHb8WJrUs51/weuIZwD:uywROGIfJMZ4Iu5WCPr7pwTIi
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
Name 7705d3dc3b110aff_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2112 (oneetx.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9e9f6b48159690d4916e38b26d8f92cb
SHA1 2016224921b0791d3de7d897a520d5d35eb84f34
SHA256 7705d3dc3b110aff6fd74fec7d343af5e49a0b7f696c231cc199ffaa6bf07053
CRC32 FDFBEF4D
ssdeep 1536:Co4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUSpaB89p:CoUCWbBNpplToUs1uNhj25LJUmaB89p
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
Name fc8c2f09cf780c1b_fotocr12.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000014051\fotocr12.exe
Size 537.0KB
Processes 2112 (oneetx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fb4897077c6881a78a0c6a0c5b24cb60
SHA1 22f0816f4a4529b035b2030a358d4455705d1a2e
SHA256 fc8c2f09cf780c1bf2e3945e906f78201ab3d18c80cb4391e02359e437022f6b
CRC32 30CF1F9F
ssdeep 12288:BMrMy90rprvNCXvNsepFUkDHSwCu53/C6/BA:xyqzsXvuepFlywCu53/5pA
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet